// userRoutes.js

const express = require('express');
const router = express.Router();
const UserController = require('../controllers/userController');
const authMiddleware = require('../middleware/authMiddleware');

// 用户个人资料相关路由
router.get('/profile', authMiddleware, UserController.getUserProfile);
router.put('/profile', authMiddleware, UserController.updateUserProfile);
router.put('/profile/password', authMiddleware, UserController.updateUserPassword);

// 管理员功能路由
router.get('/', authMiddleware, async (req, res, next) => {
    try {
        // 检查用户是否是管理员
        if (req.user.role !== 'admin') {
            return res.status(403).json({
                success: false,
                message: 'Access denied. Admin privileges required.'
            });
        }
        next();
    } catch (error) {
        next(error);
    }
}, UserController.getUsers);

router.put('/:userId/status', authMiddleware, async (req, res, next) => {
    try {
        // 检查用户是否是管理员
        if (req.user.role !== 'admin') {
            return res.status(403).json({
                success: false,
                message: 'Access denied. Admin privileges required.'
            });
        }
        next();
    } catch (error) {
        next(error);
    }
}, UserController.updateUserStatus);

module.exports = router;